Varnish Orca is a Virtual Registry Manager that consolidates and accelerates registries for build & runtime artifacts.
By caching Docker Images, NPM Packages, Helm Charts, Go Modules, and many more, Orca speeds up CI/CD pipelines, reduces developer friction, and lowers operational costs.
Orca can safely cache both public and private registries, with automatic access control integration for most repository managers like Artifactory, Nexus, and Google Artifact Registry.
docker run -p 80:80 varnish/orcaThen try pulling the node Docker image twice:
for i in {1..2}; do docker rmi localhost/library/node &>/dev/null; time docker pull localhost/library/node; doneUnless you have a very fast connection to DockerHub, you should see the second pull take significantly less time as it's served from cache.
This works out-of-the-box because Varnish Orca includes configuration for a DockerHub Virtual Registry, which looks like this:
virtual_registry:
registries:
- name: dockerhub
default: true
remotes:
- url: https://docker.io
- url: https://mirror.gcr.ioThis is using docker.io as the main registry with a fallback to Google's mirror in case DockerHub goes down. You can change the default registry or add additional registries to the list, which become available at subdomains determined by their name.
See the installation guide for deploying the Docker image or installing on Debian/Ubuntu and RHEL/CentOS.
- Always up to date: The requested artifact's manifest is checked for changes in the remote registry.
- Resilient: Keep serving from cache and zero-error failover to mirrors.
- Push and pull: Uploads are proxied through Varnish while downloads are streamed to the client and cached at the same time.
- Deploy anywhere: Runs on pretty much any x86-based linux machine.
- Extensive artifact support: Support for OCI, NPM, Git, Go, and many more.
- Automatic TLS: Built-in ACME certificate resolver and updater.
- Observability: Integrated OpenTelemetry metrics exporter.
- Cache private repositories: Automatic access control integration for private repositories.
- Persisted cache: Extend and persist the memory cache with Massive Storage Engine (MSE).
- OpenTelemetry Tracing: Observe requests as they flow through your network.
- Programmable: Apply your own logic to the request handling with Varnish Configuration Language (VCL).
Varnish Orca is built with two distinct components:
- Varnish Enterprise: High performance cache and reverse proxy, written in C.
- Varnish Supervisor: Control process and integration layer, written in go.
The process tree looks like this: the supervisor starts varnishd, which in turn starts cache-main:
supervisor───varnishd───cache-main
Varnish Orca is a subsystem of the Supervisor containing all the logic needed to operate Varnish as a Virtual Registry. See the virtual_registry configuration section for how to configure Virtual Registries.
Developers prefer using Virtual Registries because dependency downloads and CI Pipelines complete faster, meaning less waiting and less friction.
Platform Engineers deploy Virtual Registries because they scale to virtually any size, control exposure to the internet, and make migrating from one service to another easy.
CTOs choose Virtual Registries because they reduce egress fees, license costs, and increase developer productivity.
Varnish Orca has an embedded license that lasts for one year after release. When the license expires, Varnish will stop accepting traffic. It is therefore recommended to upgrade to the latest version frequently, as each release has a one year "expiry date" from time of release.
The cost model is simple: Varnish Orca is free to use for public registries, with a Premium edition supporting private registries and features like Persisted Cache, OpenTelemetry Tracing and programmability with VCL.
Contact [email protected] for a quote.
For the time being, both Varnish Supervisor and Varnish Enterprise are closed-source, but feel free to open an issue if you have any problems or suggestions.
You can also contact us directly at [email protected].